Re: [PATCH] CRED: Fix SUID exec regression
From: David Smith
Date: Fri Feb 06 2009 - 11:32:41 EST
David Howells wrote:
> The patch:
>
> commit a6f76f23d297f70e2a6b3ec607f7aeeea9e37e8d
> CRED: Make execve() take advantage of copy-on-write credentials
>
> moved the place in which the 'safeness' of a SUID/SGID exec was performed to
> before de_thread() was called. This means that LSM_UNSAFE_SHARE is now
> calculated incorrectly. This flag is set if any of the usage counts for
> fs_struct, files_struct and sighand_struct are greater than 1 at the time the
> determination is made. All of which are true for threads created by the
> pthread library.
>
> However, since we wish to make the security calculation before irrevocably
> damaging the process so that we can return it an error code in the case where
> we decide we want to reject the exec request on this basis, we have to make the
> determination before calling de_thread().
>
> So, instead, we count up the number of threads (CLONE_THREAD) that are sharing
> our fs_struct (CLONE_FS), files_struct (CLONE_FILES) and sighand_structs
> (CLONE_SIGHAND/CLONE_THREAD) with us. These will be killed by de_thread() and
> so can be discounted by check_unsafe_exec().
...
> Reported-by: David Smith <dsmith@xxxxxxxxxx>
> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
I've tested this patch (applied on top of v2.6.29-rc3-634-g9be260a) and
it applies correctly and fixes the problem. David, thanks for fixing this.
Acked-by: David Smith <dsmith@xxxxxxxxxx>
--
David Smith
dsmith@xxxxxxxxxx
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/